Public Consultation on The Cybersecurity (Amendment) Bill

Introduction

The Cyber Security Agency of Singapore (CSA) is seeking views on the proposed amendments to the Cybersecurity (Amendment) Bill. The consultation exercise will start on 15 Dec 2023 and end on 15 Jan 2024.

Background

2  The Cybersecurity Act, which came into force in August 2018, is the legislative framework that governs the oversight and maintenance of national cybersecurity in Singapore.

3  Since the Act was enacted, the cyber threat landscape and business environment have been continually changing. Singapore’s digitalisation efforts have also been progressing rapidly, and Singapore is now amongst one of the most digitally connected countries in the world. These developments have accelerated our connectivity, computing and data storage needs.  These bring about new considerations for cybersecurity.

4  The draft Cybersecurity (Amendment) Bill seeks to ensure that Singapore’s cybersecurity laws remain fit-for-purpose, and capable of addressing the emerging challenges in cyberspace.

Scope of Consultation

5  In reviewing the Cybersecurity Act, CSA has sought to:

1. Keep pace with developments in technology and industry practices. To ensure that the Act remains relevant as technology and business models evolve.


2. Look beyond the Critical Information Infrastructure (CII) to ensure the cybersecurity of other important systems and infrastructure. To extend the coverage of the Cybersecurity Act to address the broader ecosystem as increased adoption of digital technologies has also increased exposure to growing cyber threats.


3. Respond to evolving cybersecurity challenges. To update regulations to ensure that the Commissioner has early and timely information of the cybersecurity vulnerabilities, threats, and incidents that affect CIIs and other identified systems and infrastructure.
   

6  The draft Cybersecurity (Amendment) Bill seeks to:

1. Update existing laws pertaining to the protection of CII, and to continue to maintain a high standard of protection for these systems.


• Amendments to the Act will consider technology developments, and enable existing CII owners to leverage new technologies, such as cloud services.


• Amendments will also be made to facilitate the operationalisation and administration of the CII regulation, such as the introduction of powers for the Commissioner of Cybersecurity to grant time extensions for requirements under the Act, and to authorise an onsite inspection to ascertain compliance.


2. Extend Commissioner of Cybersecurity’s oversight, so that CSA can do more to safeguard nationally important computer systems that face heightened risks during crucial periods, and support entities of special cybersecurity interest, which, if breached or disrupted, could have detrimental implications for the defence, foreign relations, economy, public health, public safety, or public order of Singapore, which may in turn affect trust and confidence in Singapore’s digitalisation efforts.


• Entities regulated under the Cybersecurity Act will be required to adhere to cybersecurity standards of practice, report cybersecurity incidents to CSA, and comply with directions issued by the Commissioner to take necessary steps to ensure the cybersecurity of specific computer systems under their charge. 


3. Enable a greater situational awareness of the cybersecurity threats to foundational digital infrastructure that undergirds our digital economy and digital way of life, and the power to mandate baseline cybersecurity standards for these foundational digital infrastructure.
   

7 CSA invites members of the public and stakeholders to provide their feedback no later than 5pm on 15 Jan 2024. Feedback is to be provided online via Public Consultation on Cybersecurity (Amendment) Bill online form.

8 The public consultation documents can be downloaded below:

1. Public Consultation Document
2. Draft Cybersecurity (Amendment) Bill

Press release is available here.